As part of a new EPSRC funded research project investigating “Leveraging the Multi-Stakeholder Nature of Cyber Security” (EP/P011918/1) on human centred cyber security, working with the NCSC and Carnegie Mellon University (USA), we are exploring novel approaches of capturing and modelling data on the vulnerability of computer systems from a variety of sources, specifically human experts, with the aim of developing new ways of alerting stakeholders to specific areas of cyber security risk in their systems.

To support this project, we are excited to offer two positions for post-doctoral research fellows in cyber security which provide exceptional opportunities to the successful applicants, including working with leading academic and institutional partners in cyber security; being based at one of the leading universities in the UK; benefitting from fully funded residencies at partner institutions including Carnegie Mellon University to support collaboration; and competitive remuneration. The two positions have different foci as follows:

·         Research Associate/Fellow in Human-Centric Cyber Security
·         Research Associate/Fellow in Data-Driven Cyber Security

fuzzycreator is a toolkit for automatic generation and analysis of fuzzy sets from data. It facilitates the creation of both conventional and non-conventional (non-normal and non-convex) type-1, interval type-2 and general type-2 (zSlices-based) fuzzy sets from data. These fuzzy sets may then be analysed and compared through a series of tools and measures (included in the toolkit), such as evaluating their similarity and distance.
It is now available through the LUCID website at www.lucidresearch.org/software.html
Detailed documentation is available within the toolkit and a high-level overview will be available soon.

Tutorials at Fuzz-IEEE 2017: http://www.fuzzieee2017.org/tutorials.html ​

The paper by Saeed Alqahtani and Bob John has just been accepted for presentation at SSCI 2016. 

Abstract—The use of Internet has been increasing day by day and the internet traffic is exponentially increasing. The services providers such as web services providers, email services providers, and cloud service providers have to deal with millions of users per second; and thus, the level of threats to their growing networks is also very high. To deal with this much number of users is a big challenge but detection and prevention of such kinds of threats is even more challenging and vital. This is due to the fact that those threats might cause a severe loss to the service providers in terms of privacy leakage or unavailability of the services to the users. To incorporate this issue, several Intrusion Detections Systems (IDS) have been developed that differ in their detection capabilities, performance and accuracy. In this study, we have used SNORT and SURICATA as well-known IDS systems that are used worldwide. The aim of this paper is to analytically compare the functionality, working and the capability of these two IDS systems in order to detect the intrusions and different kinds of cyber-attacks within M yCloud network. Furthermore, this study also proposes a Fuzzy-Logic engine based on these two IDSs in order to enhances the performance and accuracy of these two systems in terms of increased accuracy, specificity, sensitivity and reduced false alarms. Several experiments in this compatrative study have been conducted by using and testing ISCX dataset, which results that fuzzy logic based IDS outperforms IDS alone whereas FL-SnortIDS system outperforms FL-SuricataIDS.

​You can download here

The paper "Improving Security Requirement Adequacy" by Hanan Hibishi, Travis D. Breaux and Christian Wagner has been accepted to the 2016 IEEE Symposium Series on Computational Intelligence (IEEE SSCI 2016) will be held in Athens, Greece in December 2016. The paper has resulted from a recent collaboration between Carnegie Mellon and Nottingham Universities, with Hanan visiting Nottingham in early 2016.
Full title and abstract are included below. A full version of the paper will be available soon.
Title: Improving Security Requirement Adequacy - An Interval Type 2 Fuzzy Logic Security Assessment System
Abstract: Organizations rely on security experts to improve the security of their systems. These professionals use background knowledge and experience to align known threats and vulnerabilities before selecting mitigation options. The substantial depth of expertise in any one area (e.g., databases, networks, operating systems) precludes the possibility that an expert would have complete knowledge about all threats and vulnerabilities. To begin addressing this problem of fragmented knowledge, we investigate the challenge of developing a security requirements rule base that mimics multi-human expert reasoning to enable new decision-support systems.  In this paper, we show how to collect relevant information from cyber security experts to enable the generation of: (1) interval type-2 fuzzy sets that capture intra- and inter-expert uncertainty around vulnerability levels; and (2) fuzzy logic rules driving the decision-making process within the requirements analysis. The proposed method relies on comparative ratings of security requirements in the context of concrete vignettes, providing a novel, interdisciplinary approach to knowledge generation for fuzzy logic systems. The paper presents an initial evaluation of the proposed approach through 52 scenarios with 13 experts to compare their assessments to those of the fuzzy logic decision support system. The results show that the system provides reliable assessments to the security analysts, in particular, generating more conservative assessments in 19% of the test scenarios compared to the experts’ ratings.

Tajul and Chao have released a new version of FuzzyR! https://CRAN.R-project.org/package=FuzzyR ​

Prof. Jon Garibaldi is giving a keynote presentation at CEEC 2016, the 8th Computer Science & Electronic Engineering Conference taking place at University of Essex, UK, on Friday 30th September. Copies of his slides will be posted here soon after the talk.

Bob John has just had an article accepted in the International Journal of Approximate Reasoning. 

This paper concerns itself with decision making under uncertainty and the
consideration of risk. Type-1 fuzzy logic by its (essentially) crisp nature
is limited in modelling decision making as there is no uncertainty in the
membership function. We are interested in the role that interval type-2 fuzzy
sets might play in enhancing decision making. Previous work by Bellman and
Zadeh considered decision making to be based on goals and constraint. They
deployed type-1 fuzzy sets. This paper extends this notion to interval type-2
fuzzy sets and presents a new approach to using interval type-2 fuzzy sets
in a decision making situation taking into account the risk associated with
the decision making. The explicit consideration of risk levels increases the
solution space of the decision process and thus enables better decisions. We
explain the new approach and provide two examples to show how this new
approach works.
https://www.researchgate.net/publication/308076698_Interval_Type-2_Fuzzy_Decision_Making